IPSec from mobile Client to IPsec Site2Site Connection



  • Hello there,

    I'm having the following problem:

    Just connected Home-pfsense via VPN-IPsec to Business-Lancom 1722 and the Tunnel works fine.
    Here are the IP-Information for this Tunnel:

    Home-IP-Range: 192.168.17.0/24
    Destination-IP-Range: 10.1.0.0/16

    Now I have established a mobile IPSec-Connection in order to connect my iPad to the Home-Network:

    Home-IP-Range: 192.168.17.0/24
    Mobile-IP-Range: 172.16.17.0/24

    In order to route all the Internet-Traffic from the iPad via the VPN-Tunnel, I have set the "Local Network-Entry" in the Phase2-Entry for the mobile-Connection to "NONE".
    This VPN-Connection works fine and all the traffic is routed through my Home-Network.

    Unfortunately I cannot reach the Business-Network from the iPad which is connected to the Lancom (10.1.0.0/16).

    How can I realize that?

    I want to establish the VPN-Connection iPad <-> pfsense <-> Lancom and have the possibility to access the Lancom-Network from my iPad.

    Just tried to install pfsense 2.1 but I still cannot find a way to make this work.

    BTW: I don't think that the Lancom works with multiple Phase2-Entry…



  • Hello, the Lancom not allowing multiple phase 2 entries will probably be a problem for you. I believe there needs to be a pair of SA entries PER subnet. So the Lancom would also need to know about your mobile network.

    Of course, you MIGHT be able to use a larger CIDR network…

    1. change the IPsec tunnel between the Lancom and your pfsense box to be 192.168.16.0/23.  <-- note the 23
    2. change your mobile network from 172.16.17.0/24 to 192.168.16.0/24

    The 192.168.16.0/23 network is shorthand for
    192.168.16.0-192.168.17.255.

    --jason
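
Added example, not part of the posts above: a Python check of the supernet suggestion, which computes the smallest single CIDR block that covers a set of local subnets, confirms it does not overlap the remote network, and counts how many addresses the selector admits beyond the intended subnets. The function names `covering_supernet` and `check_selector` are hypothetical; the address ranges are the ones from this thread.

```python
import ipaddress


def covering_supernet(subnets):
    """Return the smallest single CIDR block that contains every subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    # Widen the prefix one bit at a time until every subnet fits inside.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def check_selector(local_subnets, remote_net):
    """Evaluate one phase 2 traffic selector covering all local subnets.

    Assumes the local subnets do not overlap each other.
    """
    remote = ipaddress.ip_network(remote_net)
    selector = covering_supernet(local_subnets)
    wanted = sum(ipaddress.ip_network(s).num_addresses for s in local_subnets)
    return {
        "selector": str(selector),
        # An overlap would make local and remote selectors ambiguous.
        "overlaps_remote": selector.overlaps(remote),
        # Addresses the remote side would accept that belong to no intended subnet.
        "extra_addresses": selector.num_addresses - wanted,
    }


REMOTE = "10.1.0.0/16"  # Lancom side, from the thread

# Renumbered as suggested: mobile clients moved next to the home LAN.
proposed = check_selector(["192.168.17.0/24", "192.168.16.0/24"], REMOTE)

# Original addressing: home LAN plus the 172.16.17.0/24 mobile pool.
original = check_selector(["192.168.17.0/24", "172.16.17.0/24"], REMOTE)

if __name__ == "__main__":
    print("proposed:", proposed)
    print("original:", original)
```

With the renumbered mobile pool the selector is exactly 192.168.16.0/23 with no surplus addresses, while the original addressing can only be covered by 128.0.0.0/1, which is far too broad to use as a tunnel selector.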